Sunday, August 10, 2008

iPhones-Macintosh computers become apples of hackers' eyes

LAS VEGAS, Nevada (AFP) — Security specialists said Saturday that hackers are taking increasing aim at iPhones and Macintosh computers as the hot-selling Apple devices gain popularity worldwide.

Hackers have historically focused devious efforts on computers using Windows operating systems because the Microsoft software has more than 90 percent of the global market, promising evil-doers a wealth of targets.

Macintosh computers have been gaining market share and catching the interest of hackers, according to Zero Day Initiative (ZDI) security vulnerability analyst Cameron Hotchkies.

"There are more eyes looking over Apple products for vulnerabilities," Hotchkies told AFP at a notorious annual DefCon gathering of hackers in Las Vegas.

"It has slowly been growing as a target people are more and more interested in."

Hotchkies specializes in Apple software as part of a ZDI team devoted to scrutinizing programming holes and crafting "patches" to prevent hackers from exploiting weaknesses.

More than a thousand people crammed into his DefCon talk about hacking Apple software. He was peppered with technical questions at the close of the session.

"There are a lot more people getting into it and really getting their hands dirty," said Hotchkies, who noted an obvious spike this year in the number of DefCon attendees toting Macintosh laptops.

"I've been seeing a lot of reverse engineering on the Apple platform."

Part of the reason for increased popularity of Macintosh computers is that Apple has made the machines friendlier to running programs popular on Windows-based machines.

Hackers experienced with attacking Windows programs can apply some of their know-how to software modified to run on Macintosh computers.

Developers that re-craft Windows programs for Macintosh systems might not be adept at building security components on the latest Leopard operating system used in Apple machines.

"Windows developers take their code and make it work on Apple," Hotchkies said. "They could take potential vulnerabilities with them or possibly create new ones because they are working on an entirely different platform."

Apple's Safari operating system is the basis for internet browsing using iPhones, which are basically handheld mini-computers with telephone, music, and video viewing capabilities.

It took about a month for someone to hack a first-generation iPhone after its release, but an iPhone 3G was cracked within hours of the start of sales in July.

The hack is crowned a "jail break" because it liberates iPhone models from the shackles of deals Apple has with telecom giants providing exclusive service to the devices in varying countries.

"It shows people are getting proficient at analyzing Apple software," Hotchkies said.

"There are people looking at the iPhone. We pass vulnerabilities on to vendors, and when I communicate with Apple the first thing they ask is if we've tested it on the iPhone. They don't want to be surprised."

Apple engineers are also addressing "legacy issues," protecting old software from new threats, according to Hotchkies.

From :